Lightweight coherency control protocol for clustered storage system

ABSTRACT

A lightweight coherency control protocol ensures consistency of data containers, such as a file, and associated data buffers stored on one or more volumes served by a plurality of nodes, e.g., storage systems, connected as a cluster. Each data buffer is associated with a current cache sequence number comprising a load generation value and an update count value. The load generation value is incremented every time an inode of a file is loaded into a memory of the storage system. Once the inode is loaded and its load generation value is set, then the appropriate buffer of a buffer tree for the file is loaded into the memory. The update count value is incremented each time the buffer is updated with a write request/operation. Therefore, each buffer loaded into memory is tagged with the load generation value and an update count from the time that buffer is loaded.

RELATED APPLICATIONS

This application is a continuation of U.S. Ser. No. 11/264,601, issuedas U.S. Pat. No. 7,376,796 on May 20, 2008, filed by Peter F. Corbett etal. on Nov. 1, 2005.

FIELD OF THE INVENTION

The present invention relates to clustered computer environments and,more particularly, to ensuring consistency of data containers served bystorage systems interconnected as a cluster.

BACKGROUND OF THE INVENTION

A storage system typically comprises one or more storage devices intowhich information may be entered, and from which information may beobtained, as desired. The storage system includes a storage operatingsystem that functionally organizes the system by, inter alia, invokingstorage operations in support of a storage service implemented by thesystem. The storage system may be implemented in accordance with avariety of storage architectures including, but not limited to, anetwork-attached storage environment, a storage area network and a diskassembly directly attached to a client or host computer. The storagedevices are typically disk drives organized as a disk array, wherein theterm “disk” commonly describes a self-contained rotating magnetic mediastorage device. The term disk in this context is synonymous with harddisk drive (HDD) or direct access storage device (DASD).

The storage operating system of the storage system may implement ahigh-level module, such as a file system, to logically organize theinformation stored on volumes as a hierarchical structure of datacontainers, such as files and logical units. For example, each “on-disk”file may be implemented as set of data structures, i.e., disk blocks,configured to store information, such as the actual data for the file.These data blocks are organized within a volume block number (vbn) spacethat is maintained by the file system. The file system may also assigneach data block in the file a corresponding “file offset” or file blocknumber (fbn). The file system typically assigns sequences of fbns on aper-file basis, whereas vbns are assigned over a larger volume addressspace. The file system organizes the data blocks within the vbn space asa “logical volume”; each logical volume may be, although is notnecessarily, associated with its own file system.

A known type of file system is a write-anywhere file system that doesnot overwrite data on disks. If a data block is retrieved (read) fromdisk into a memory of the storage system and “dirtied” (i.e., updated ormodified) with new data, the data block is thereafter stored (written)to a new location on disk to optimize write performance. Awrite-anywhere file system may initially assume an optimal layout suchthat the data is substantially contiguously arranged on disks. Theoptimal disk layout results in efficient access operations, particularlyfor sequential read operations, directed to the disks. An example of awrite-anywhere file system that is configured to operate on a storagesystem is the Write Anywhere File Layout (WAFL™) file system availablefrom Network Appliance, Inc., Sunnyvale, Calif.

The storage system may be further configured to operate according to aclient/server model of information delivery to thereby allow manyclients to access data containers stored on the system. In this model,the client may comprise an application, such as a database application,executing on a computer that “connects” to the storage system over acomputer network, such as a point-to-point link, shared local areanetwork (LAN), wide area network (WAN), or virtual private network (VPN)implemented over a public network such as the Internet. Each client mayrequest the services of the storage system by issuing file-based andblock-based protocol messages (in the form of packets) to the systemover the network.

A plurality of storage systems may be interconnected to provide astorage system environment configured to service many clients. Eachstorage system may be configured to service one or more volumes, whereineach volume stores one or more data containers. Yet often a large numberof data access requests issued by the clients may be directed to a smallnumber of data containers serviced by a particular storage system of theenvironment. A solution to such a problem is to distribute the volumesserviced by the particular storage system among all of the storagesystems of the environment. This, in turn, distributes the data accessrequests, along with the processing resources needed to service suchrequests, among all of the storage systems, thereby reducing theindividual processing load on each storage system. However, a noteddisadvantage arises when only a single data container, such as a file,is heavily accessed by clients of the storage system environment. As aresult, the storage system attempting to service the requests directedto that file may exceed its processing resources and becomeoverburdened, with a concomitant degradation of speed and performance.

One technique for overcoming the disadvantages of having a single filethat is heavily utilized is to stripe the file across a plurality ofvolumes configured as a striped volume set (SVS), where each volume,such as a data volume (DV), is serviced by a different storage system,thereby distributing the load for the single file among a plurality ofstorage systems. A technique for data container (such as a file)striping is described in U.S. patent application Ser. No. 11/119,278,entitled STORAGE SYSTEM ARCHITECTURE FOR STRIPING DATA CONTAINER CONTENTACROSS VOLUMES OF A CLUSTER, now issued as U.S. Pat. No. 7,698,289 onApr. 13, 2010 by Kazar et al., which application is hereby incorporatedby reference as though fully set forth herein. According to the datacontainer striping arrangement, each storage system may service accessrequests (i.e., file operations) from clients directed to the same file.File operations, such as read and write operations, are forwardeddirectly to the storage systems that are responsible for their portionsof the data for that file.

An exemplary distributed multi-storage system architecture may comprisea plurality of storage systems organized as a cluster, wherein eachstorage system includes a thin front-end element that performs protocolconversion of file access protocols into a common cluster protocol forcommunicating with a back-end element of a storage system. The front-endelement includes a local cache memory for temporarily storing(“caching”) data to serve client requests faster and more efficiently.Each back-end element serves one or more particular files or particularregions of files and, as such, maintains an authoritative version of thefiles or regions of files.

A front-end element of the cluster that receives a client requestdirected to a file initially attempts to serve that request from itslocal cache. However, the front-end element may not know whether itslocal cache is up-to-date because there may be another front-end elementof the cluster that is also writing to that same file. Write requestsare “pushed through” (forwarded) to the appropriate back-end element,whereas read requests are attempted to be serviced first from the localcache of the front-end element or, alternatively, at the appropriateback-end element. An issue with this clustered storage systemarchitecture involves ensuring that a copy of a region of file data(i.e., a data buffer) stored in a local cache of a front-end element isup-to-date (“coherent”) with respect to the authoritative copy of thatdata at the back-end element.

An approach to ensuring coherency of data in a clustered multi-storagesystem having front-end and back-end elements involves distributedlocking using file locks, such as range locks and/or opportunistic locks(op-locks). A range lock is a hard lock that provides exclusive accessto a specific byte range within a file. The range lock is establishedupon request by a caller (such as a front-end element) and is releasedonly at the request of the lock's owner (such as a back-end element).The front-end element can request and be granted a range lock thatenables exclusive access to the corresponding range of the file so thatit performs write operations on cached data until the back-end elementinstructs it to release the lock.

An op-lock is an automatically revocable soft lock that allows thefront-end element to operate on a file data until such time as aconflicting operation is attempted. The front-end element can cache thedata and perform read and write operations on the cached data because itknows that no other access is allowed to that data as long as it has anop-lock on the file. As soon as a second front-end element attempts aconflicting operation on the file, the back-end element blocks theconflicting operation and revokes the op-lock. In particular, theback-end element instructs the front-end element to return (“flush”) anywrite modifications to the back-end element and then discard the entirecontent of its local cache. The back-end element then unblocks thesecond front-end element and grants it an op-block to the file.

However, substantial overhead is required with respect to maintenanceand utilization of such a distributed file system cache of file data inthe clustered storage system using distributed locks. The presentinvention is directed to a system and method that reduces the overheadof maintaining data coherency in a clustered storage system.

SUMMARY OF THE INVENTION

The invention overcomes the disadvantages of the prior art by providinga light-weight coherency control protocol for ensuring consistency ofdata containers and associated data buffers stored on one or morevolumes served by a plurality of nodes, e.g., storage systems, connectedas a cluster. Each storage system of the cluster includes (i) a diskelement (D-module) adapted to service one or more volumes of the clusterand (ii) a network element (N-module) adapted to redirect a data accessrequest for a data container to any D-module of the cluster. TheD-module maintains an authoritative version of the data container, suchas a file, or region (data buffer) of the file. Notably, a local cachememory is provided on the N-module to enable caching of data buffers andserving of data access requests on that module. Each file isillustratively identified by a file identifier (file ID) and each databuffer is represented by a file block number (fbn) that identifies theposition or offset of the buffer within the file.

According to an aspect of the invention, each data buffer is associatedwith a current cache sequence number comprising a load generation valueand an update count value. The load generation value is incrementedevery time an inode of a file is loaded into a memory of the D-module.Once the inode is loaded and its load generation value is set, then theappropriate data buffer of a buffer tree for the file is loaded into thememory. The update count value is incremented each time the buffer isupdated with a write request/operation. Therefore, each data bufferloaded into memory is tagged with the load generation value and anupdate count from the time that buffer is loaded.

Broadly stated, in response to receiving the data access (read) requestfrom a client that is directed to a file, an N-module forwards a messageto the appropriate D-module to validate the particular file and databuffer that the N-module attempts to serve. The D-module retrieves theinode of the requested file and determines whether the data buffer iscached at the N-module and, if so, whether that cached copy isrepresentative of the most recent version of the data buffer (as denotedby the current cache sequence number). If the copy of the data buffercached at the N-module represents the most recent version of the buffer,the D-module returns a response to the N-module indicating that thecached buffer can be used to service the read request. Otherwise, theD-module returns (i) a copy of the updated data buffer to the N-moduleas part of the response or (ii) a response indicating that the cachedbuffer is “stale”. In the latter case, the N-module then forwards amessage to the D-module requesting the updated data buffer.

Advantageously, the invention enables distribution of a file systembuffer cache across multiple storage systems of the cluster in acoherent manner. In other words, the invention ensures data coherencyacross the nodes because it maintains a single point of control for eachfile, i.e., the D-module that owns that file. Furthermore, the inventivecoherency control protocol does not require the use of distributedlocking, such as range locks, as commonly used with prior distributedmulti-storage system architectures.

BRIEF DESCRIPTION OF THE DRAWINGS

The above and further advantages of invention may be better understoodby referring to the following description in conjunction with theaccompanying drawings in which like reference numerals indicateidentical or functionally similar elements:

FIG. 1 is a schematic block diagram of a plurality of nodesinterconnected as a cluster in accordance with an embodiment of thepresent invention;

FIG. 2 is a schematic block diagram of a node, such as a storage system,in accordance with an embodiment of the present invention;

FIG. 3 is a schematic block diagram of a storage operating system thatmay be advantageously used with the present invention;

FIG. 4 is a schematic block diagram illustrating the format of a clusterfabric (CF) message in accordance with an embodiment of with the presentinvention;

FIG. 5 is a schematic block diagram illustrating the format of a datacontainer handle in accordance with an embodiment of the presentinvention;

FIG. 6 is a schematic block diagram of an exemplary inode in accordancewith an embodiment of the present invention;

FIG. 7 is a schematic block diagram of an exemplary buffer tree inaccordance with an embodiment of the present invention;

FIG. 8 is a schematic block diagram of an illustrative embodiment of abuffer tree of a file that may be advantageously used with the presentinvention;

FIG. 9 is a schematic block diagram of an exemplary aggregate inaccordance with an embodiment of the present invention;

FIG. 10 is a schematic block diagram of an exemplary on-disk layout ofthe aggregate in accordance with an embodiment of the present invention;

FIG. 11 is a schematic block diagram illustrating a collection ofmanagement processes in accordance with an embodiment of the presentinvention;

FIG. 12 is a schematic block diagram of a volume location database(VLDB) volume entry in accordance with an embodiment of the presentinvention;

FIG. 13 is a schematic block diagram of a VLDB aggregate entry inaccordance with an embodiment of the present invention;

FIG. 14 is a schematic block diagram of a striped volume set (SVS) inaccordance with an embodiment of the present invention;

FIG. 15 is a schematic block diagram of a VLDB SVS entry in accordancewith an embodiment the present invention;

FIG. 16 is a diagram illustrating data buffers or blocks of a filearrayed in file space over time;

FIG. 17 is a flowchart illustrating an aspect of the lightweightcoherency control protocol procedure in accordance with the presentinvention;

FIG. 18 is a schematic block diagram of a cache table that may beadvantageously used with the present invention; and

FIGS. 19A, 19B are schematic block diagrams illustrating operation of alight-weight coherency control protocol for a clustered storage systemin accordance with the present invention.

DETAILED DESCRIPTION OF AN ILLUSTRATIVE EMBODIMENT A. ClusterEnvironment

FIG. 1 is a schematic block diagram of a plurality of nodes 200interconnected as a cluster 100 and configured to provide storageservice relating to the organization of information on storage devices.The nodes 200 comprise various functional components that cooperate toprovide a distributed storage system architecture of the cluster 100. Tothat end, each node 200 is generally organized as a network element(N-module 310) and a disk element (D-module 350). The N-module 310includes functionality that enables the node 200 to connect to clients180 over a computer network 140, while each D-module 350 connects to oneor more storage devices, such as disks 130 of a disk array 120. Thenodes 200 are interconnected by a cluster switching fabric 150 which, inthe illustrative embodiment, may be embodied as a Gigabit Ethernetswitch. An exemplary distributed file system architecture is generallydescribed in U.S. Patent Application Publication No. US 2002/0116593titled METHOD AND SYSTEM FOR RESPONDING TO FILE SYSTEM REQUESTS, by M.Kazar et al. published Aug. 22, 2002, now issued as U.S. Pat. No.6,671,773 on Dec. 30, 2003. It should be noted that while there is shownan equal number of N and D-modules in the illustrative cluster 100,there may be differing numbers of N and/or D-modules in accordance withvarious embodiments of the present invention. For example, there may bea plurality of N-modules and/or D-modules interconnected in a clusterconfiguration 100 that does not reflect a one-to-one correspondencebetween the N and D-modules. As such, an N-module or D-module may beembodied as a node 200. Therefore, the description of a node 200comprising one N-module and one D-module should be taken as illustrativeonly.

The clients 180 may be general-purpose computers configured to interactwith the node 200 in accordance with a client/server model ofinformation delivery. That is, each client may request the services ofthe node, and the node may return the results of the services requestedby the client, by exchanging packets over the network 140. The clientmay issue packets including file-based access protocols, such as theCommon Internet File System (CIFS) protocol or Network File System (NFS)protocol, over the Transmission Control Protocol/Internet Protocol(TCP/IP) when accessing information in the form of files anddirectories. Alternatively, the client may issue packets includingblock-based access protocols, such as the Small Computer SystemsInterface (SCSI) protocol encapsulated over TCP (iSCSI) and SCSIencapsulated over Fibre Channel (FCP), when accessing information in theform of blocks.

B. Storage System Node

FIG. 2 is a schematic block diagram of a node 200 that is illustrativelyembodied as a storage system comprising a plurality of processors 222a,b, a memory 224, a network adapter 225, a cluster access adapter 226,a storage adapter 228 and local storage 230 interconnected by a systembus 223. The local storage 230 comprises one or more storage devices,such as disks, utilized by the node to locally store configurationinformation (e.g., in configuration table 235) provided by one or moremanagement processes that execute as user mode applications 1100 (seeFIG. 11). The cluster access adapter 226 comprises a plurality of portsadapted to couple the node 200 to other nodes of the cluster 100. In theillustrative embodiment, Ethernet is used as the clustering protocol andinter-connect media, although it will be apparent to those skilled inthe art that other types of protocols and interconnects may be utilizedwithin the cluster architecture described herein. In alternateembodiments where the N-modules and D-modules are implemented onseparate storage systems or computers, the cluster access adapter 226 isutilized by the N/D-module for communicating with other N/D-modules inthe cluster 100.

Each node 200 is illustratively embodied as a dual processor storagesystem executing a storage operating system 300 that preferablyimplements a high-level module, such as a file system, to logicallyorganize the information as a hierarchical structure of named datacontainers, such as directories, files and special types of files calledvirtual disks (hereinafter generally “blocks”) on the disks. However, itwill be apparent to those of ordinary skill in the art that the node 200may alternatively comprise a single or more than two processor system.Illustratively, one processor 222 a executes the functions of theN-module 310 on the node, while the other processor 222 b executes thefunctions of the D-module 350.

The present invention is illustratively implemented on the cluster 100by extending the distributed storage system architecture to allow datacaching on N-modules 310 using a novel lightweight coherency controlprotocol. As described herein, each D-module 350 services one or moreparticular files or particular regions of files and, accordingly,maintains an authoritative version of the file and/or region (databuffer) of the file. However, the use of data caching (i.e., caching ofdata buffers) enables the N-modules to serve client requests directed todata containers, such as files, faster and more efficiently than havingto always redirect requests to the appropriate D-modules. Accordingly, alocal cache memory (“local cache” 240) illustratively adapted toprovided such data caching is associated with the processor 222 aexecuting the functions of the N-module. The inventive coherencyprotocol may be easily implemented on the distributed architecturebecause the protocol operates at the inode and buffer level. Inaddition, the invention may be employed in clustered storage systemarchitectures where the distance between storage systems is significant,thus rendering the front-end cache a “remote” cache.

The memory 224 illustratively comprises storage locations that areaddressable by the processors and adapters for storing software programcode. A portion of the memory may be further organized as a “buffercache” 250 for storing certain data structures associated with thepresent invention. The processor and adapters may, in turn, compriseprocessing elements and/or logic circuitry configured to execute thesoftware code and manipulate the data structures. The storage operatingsystem 300, portions of which is typically resident in memory andexecuted by the processing elements, functionally organizes the node 200by, inter alia, invoking storage operations in support of the storageservice implemented by the node. It will be apparent to those skilled inthe art that other processing and memory means, including variouscomputer readable media, may be used for storing and executing programinstructions pertaining to the invention described herein.

The network adapter 225 comprises a plurality of ports adapted to couplethe node 200 to one or more clients 180 over point-to-point links, widearea networks, virtual private networks implemented over a publicnetwork (Internet) or a shared local area network. The network adapter225 thus may comprise the mechanical, electrical and signaling circuitryneeded to connect the node to the network. Illustratively, the computernetwork 140 may be embodied as an Ethernet network or a Fibre Channel(FC) network. Each client 180 may communicate with the node over network140 by exchanging discrete frames or packets of data according topre-defined protocols, such as TCP/IP.

The storage adapter 228 cooperates with the storage operating system 300executing on the node 200 to access information requested by theclients. The information may be stored on any type of attached array ofwritable storage device media such as video tape, optical, DVD, magnetictape, bubble memory, electronic random access memory, micro-electromechanical and any other similar media adapted to store information,including data and parity information. However, as illustrativelydescribed herein, the information is preferably stored on the disks 130of array 120. The storage adapter comprises a plurality of ports havinginput/output (I/O) interface circuitry that couples to the disks over anI/O interconnect arrangement, such as a conventional high-performance,FC link topology.

Storage of information on each array 120 is preferably implemented asone or more storage “volumes” that comprise a collection of physicalstorage disks 130 cooperating to define an overall logical arrangementof volume block number (vbn) space on the volume(s). Each logical volumeis generally, although not necessarily, associated with its own filesystem. The disks within a logical volume/file system are typicallyorganized as one or more groups, wherein each group may be operated as aRedundant Array of Independent (or Inexpensive) Disks (RAID). Most RAIDimplementations, such as a RAID-4 level implementation, enhance thereliability/integrity of data storage through the redundant writing ofdata “stripes” across a given number of physical disks in the RAIDgroup, and the appropriate storing of parity information with respect tothe striped data. An illustrative example of a RAID implementation is aRAID-4 level implementation, although it should be understood that othertypes and levels of RAID implementations may be used in accordance withthe inventive principles described herein.

C. Storage Operating System

To facilitate access to the disks 130, the storage operating system 300implements a write-anywhere file system that cooperates with one or morevirtualization modules to “virtualize” the storage space provided bydisks 130. The file system logically organizes the information as ahierarchical structure of named directories and files on the disks. Each“on-disk” file may be implemented as set of disk blocks configured tostore information, such as data, whereas the directory may beimplemented as a specially formatted file in which names and links toother files and directories are stored. The virtualization module(s)allow the file system to further logically organize information as ahierarchical structure of blocks on the disks that are exported as namedlogical unit numbers (luns).

In the illustrative embodiment, the storage operating system ispreferably the NetApp® Data ONTAP™ operating system available fromNetwork Appliance, Inc., Sunnyvale, Calif. that implements a WriteAnywhere File Layout (WAFL™) file system. However, it is expresslycontemplated that any appropriate storage operating system may beenhanced for use in accordance with the inventive principles describedherein. As such, where the term “WAFL” is employed, it should be takenbroadly to refer to any storage operating system that is otherwiseadaptable to the teachings of this invention.

FIG. 3 is a schematic block diagram of the storage operating system 300that may be advantageously used with the present invention. The storageoperating system comprises a series of software layers organized to forman integrated network protocol stack or, more generally, amulti-protocol engine 325 that provides data paths for clients to accessinformation stored on the node using block and file access protocols.The multi-protocol engine includes a media access layer 312 of networkdrivers (e.g., gigabit Ethernet drivers) that interfaces to networkprotocol layers, such as the IP layer 314 and its supporting transportmechanisms, the TCP layer 316 and the User Datagram Protocol (UDP) layer315. A file system protocol layer provides multi-protocol file accessand, to that end, includes support for the Direct Access File System(DAFS) protocol 318, the NFS protocol 320, the CIFS protocol 322 and theHypertext Transfer Protocol (HTTP) protocol 324. A VI layer 326implements the VI architecture to provide direct access transport (DAT)capabilities, such as RDMA, as required by the DAFS protocol 318. AniSCSI driver layer 328 provides block protocol access over the TCP/IPnetwork protocol layers, while a FC driver layer 330 receives andtransmits block access requests and responses to and from the node. TheFC and iSCSI drivers provide FC-specific and iSCSI-specific accesscontrol to the blocks and, thus, manage exports of luns to either iSCSIor FCP or, alternatively, to both iSCSI and FCP when accessing theblocks on the node 200.

In addition, the storage operating system includes a series of softwarelayers organized to form a storage server 365 that provides data pathsfor accessing information stored on the disks 130 of the node 200. Tothat end, the storage server 365 includes a file system module 360 incooperating relation with a volume striping module (VSM) 370, a RAIDsystem module 380 and a disk driver system module 390. The RAID system380 manages the storage and retrieval of information to and from thevolumes/disks in accordance with I/O operations, while the disk driversystem 390 implements a disk access protocol such as, e.g., the SCSIprotocol. The VSM 370 illustratively implements a striped volume set(SVS) described herein. As described further herein, the VSM co-operateswith the file system 360 to enable storage server 365 to service avolume of the SVS. In particular, the VSM 370 implements a Locate( )function 375 to compute the location of data container content in theSVS volume to thereby ensure consistency of such content served by thecluster.

The file system 360 implements a virtualization system of the storageoperating system 300 through the interaction with one or morevirtualization modules illustratively embodied as, e.g., a virtual disk(vdisk) module (not shown) and a SCSI target module 335. The vdiskmodule enables access by administrative interfaces, such as a userinterface of a management framework 1110 (see FIG. 11), in response to auser (system administrator) issuing commands to the node 200. The SCSItarget module 335 is generally disposed between the FC and iSCSI drivers328, 330 and the file system 360 to provide a translation layer of thevirtualization system between the block (lun) space and the file systemspace, where luns are represented as blocks.

The file system 360 is illustratively a message-based system thatprovides logical volume management capabilities for use in access to theinformation stored on the storage devices, such as disks. That is, inaddition to providing file system semantics, the file system 360provides functions normally associated with a volume manager. Thesefunctions include (i) aggregation of the disks, (ii) aggregation ofstorage bandwidth of the disks, and (iii) reliability guarantees, suchas minoring and/or parity (RAID). The file system 360 illustrativelyimplements the WAFL file system (hereinafter generally the“write-anywhere file system”) having an on-disk format representationthat is block-based using, e.g., 4 kilobyte (kB) blocks and using indexnodes (“inodes”) to identify files and file attributes (such astimestamps, access permissions, size and block location). The filesystem uses files to store meta-data describing the layout of its filesystem; these meta-data files include, among others, an inode file. Afile handle, i.e., an identifier that includes an inode number, is usedto retrieve an inode from disk.

Broadly stated, all inodes of the write-anywhere file system areorganized into the inode file. A file system (fs) info block specifiesthe layout of information in the file system and includes an inode of afile that includes all other inodes of the file system. Each logicalvolume (file system) has an fsinfo block that is preferably stored at afixed location within, e.g., a RAID group. The inode of the inode filemay directly reference (point to) data blocks of the inode file or mayreference indirect blocks of the inode file that, in turn, referencedata blocks of the inode file. Within each data block of the inode fileare embedded inodes, each of which may reference indirect blocks that,in turn, reference data blocks of a file.

Operationally, a request from the client 180 is forwarded as a packetover the computer network 140 and onto the node 200 where it is receivedat the network adapter 225. A network driver (of layer 312 or layer 330)processes the packet and, if appropriate, passes it onto a networkprotocol and file access layer for additional processing prior toforwarding to the write-anywhere file system 360. Here, the file systemgenerates operations to load (retrieve) the requested data from disk 130if it is not resident “in core”, i.e., in memory 224. If the informationis not in memory, the file system 360 indexes into the inode file usingthe inode number to access an appropriate entry and retrieve a logicalvbn. The file system then passes a message structure including thelogical vbn to the RAID system 380; the logical vbn is mapped to a diskidentifier and disk block number (disk,dbn) and sent to an appropriatedriver (e.g., SCSI) of the disk driver system 390. The disk driveraccesses the dbn from the specified disk 130 and loads the requesteddata block(s) in memory for processing by the node. Upon completion ofthe request, the node (and operating system) returns a reply to theclient 180 over the network 140.

It should be noted that the software “path” through the storageoperating system layers described above needed to perform data storageaccess for the client request received at the node may alternatively beimplemented in hardware. That is, in an alternate embodiment of theinvention, a storage access request data path may be implemented aslogic circuitry embodied within a field programmable gate array (FPGA)or an application specific integrated circuit (ASIC). This type ofhardware implementation increases the performance of the storage serviceprovided by node 200 in response to a request issued by client 180.Moreover, in another alternate embodiment of the invention, theprocessing elements of adapters 225, 228 may be configured to offloadsome or all of the packet processing and storage access operations,respectively, from processor 222, to thereby increase the performance ofthe storage service provided by the node. It is expressly contemplatedthat the various processes, architectures and procedures describedherein can be implemented in hardware, firmware or software.

As used herein, the term “storage operating system” generally refers tothe computer-executable code operable on a computer to perform a storagefunction that manages data access and may, in the case of a node 200,implement data access semantics of a general purpose operating system.The storage operating system can also be implemented as a microkernel,an application program operating over a general-purpose operatingsystem, such as UNIX® or Windows NT®, or as a general-purpose operatingsystem with configurable functionality, which is configured for storageapplications as described herein.

In addition, it will be understood to those skilled in the art that theinvention described herein may apply to any type of special-purpose(e.g., file server, filer or storage serving appliance) orgeneral-purpose node or computer, including a standalone computer orportion thereof, embodied as or including a storage system. Moreover,the teachings of this invention can be adapted to a variety of storagesystem architectures including, but not limited to, a network-attachedstorage environment, a storage area network and disk assemblydirectly-attached to a client or host computer. The term “storagesystem” should therefore be taken broadly to include such arrangementsin addition to any subsystems configured to perform a storage functionand associated with other equipment or systems. It should be noted thatwhile this description is written in terms of a write any where filesystem, the teachings of the present invention may be utilized with anysuitable file system, including a write in place file system.

D. CF Protocol

In the illustrative embodiment, the storage server 365 is embodied asD-module 350 of the storage operating system 300 to service one or morevolumes of array 120. In addition, the multi-protocol engine 325 isembodied as N-module 310 to (i) perform protocol termination withrespect to a client issuing incoming data access request packets overthe network 140, as well as (ii) redirect those data access requests toany storage server 365 of the cluster 100. Moreover, the N-module 310and D-module 350 cooperate to provide a highly-scalable, distributedstorage system architecture of the cluster 100. To that end, each moduleincludes a cluster fabric (CF) interface module 340 a,b adapted toimplement intra-cluster communication among the modules, includingD-module-to-D-module communication, for data container stripingoperations described herein.

The protocol layers, e.g., the NFS/CIFS layers and the iSCSI/FC layers,of the N-module 310 function as protocol servers that translatefile-based and block based data access requests from clients into CFprotocol messages used for communication with the D-module 350. That is,the N-module servers convert the incoming data access requests into filesystem primitive operations (commands) that are embedded within CFmessages by the CF interface module 340 for transmission to theD-modules 350 of the cluster 100. Notably, the CF interface modules 340cooperate to provide a single file system image across all D-modules 350in the cluster 100. Thus, any network port of an N-module that receivesa client request can access any data container within the single filesystem image located on any D-module 350 of the cluster.

Further to the illustrative embodiment, the N-module 310 and D-module350 are implemented as separately-scheduled processes of storageoperating system 300; however, in an alternate embodiment, the modulesmay be implemented as pieces of code within a single operating systemprocess. Communication between an N-module and D-module is thusillustratively effected through the use of message passing between themodules although, in the case of remote communication between anN-module and D-module of different nodes, such message passing occursover the cluster switching fabric 150. A known message-passing mechanismprovided by the storage operating system to transfer information betweenmodules (processes) is the Inter Process Communication (IPC) mechanism.The protocol used with the IPC mechanism is illustratively a genericfile and/or block-based “agnostic” CF protocol that comprises acollection of methods/functions constituting a CF applicationprogramming interface (API). Examples of such an agnostic protocol arethe SpinFS and SpinNP protocols available from Network Appliance, Inc.The SpinFS protocol is described in the above-referenced U.S. Pat. No.6,671,773.

The CF interface module 340 implements the CF protocol for communicatingfile system commands among the modules of cluster 100. Communication isillustratively effected by the D-module exposing the CF API to which anN-module (or another D-module) issues calls. To that end, the CFinterface module 340 is organized as a CF encoder and CF decoder. The CFencoder of, e.g., CF interface 340 a on N-module 310 encapsulates a CFmessage as (i) a local procedure call (LPC) when communicating a filesystem command to a D-module 350 residing on the same node 200 or (ii) aremote procedure call (RPC) when communicating the command to a D-moduleresiding on a remote node of the cluster 100. In either case, the CFdecoder of CF interface 340 b on D-module 350 de-encapsulates the CFmessage and processes the file system command.

FIG. 4 is a schematic block diagram illustrating the format of a CFmessage 400 in accordance with an embodiment of with the presentinvention. The CF message 400 is illustratively used for RPCcommunication over the switching fabric 150 between remote modules ofthe cluster 100; however, it should be understood that the term “CFmessage” may be used generally to refer to LPC and RPC communicationbetween modules of the cluster. The CF message 400 includes a mediaaccess layer 402, an IP layer 404, a UDP layer 406, a reliableconnection (RC) layer 408 and a CF protocol layer 410. As noted, the CFprotocol is a generic file system protocol that conveys file systemcommands related to operations contained within client requests toaccess data containers stored on the cluster 100; the CF protocol layer410 is that portion of message 400 that carries the file systemcommands, as well as other information related to the inventivecoherency control protocol. Illustratively, the CF protocol is datagrambased and, as such, involves trans-mission of messages or “envelopes” ina reliable manner from a source (e.g., an N-module 310) to a destination(e.g., a D-module 350). The RC layer 408 implements a reliable transportprotocol that is adapted to process such envelopes in accordance with aconnectionless protocol, such as UDP 406.

A data container, e.g., a file, is accessed in the file system using adata container handle. FIG. 5 is a schematic block diagram illustratingthe format of a data container handle 500 including a SVS ID field 502,an inode number field 504, a unique-ifier field 506, a striped flagfield 508 and a striping epoch number field 510. The SVS ID field 502contains a global identifier (within the cluster 100) of the SVS withinwhich the data container resides. The inode number field 504 contains aninode number of an inode (within an inode file) pertaining to the datacontainer. The unique-ifier field 506 contains a monotonicallyincreasing number that uniquely identifies the data container handle500. The unique-ifier is particularly useful in the case where an inodenumber has been deleted, reused and reassigned to a new data container.The unique-ifier distinguishes that reused mode number in a particulardata container from a potentially previous use of those fields. Thestriped flag field 508 is illustratively a Boolean value that identifieswhether the data container is striped or not. The striping epoch numberfield 510 indicates the appropriate striping technique for use with thisdata container for embodiments where the SVS utilizes differing stripingtechniques for different data containers.

E. File System Organization

In the illustrative embodiment, a data container is represented in thewrite-anywhere file system as an inode data structure adapted forstorage on the disks 130. FIG. 6 is a schematic block diagram of aninode 600, which preferably includes a meta-data section 605 and a datasection 660. The information stored in the meta-data section 605 of eachinode 600 describes the data container (e.g., a file) and, as such,includes the type (e.g., regular, directory, vdisk) 610 of file, itssize 615, timestamps (e.g., access and/or modification time) 620 andownership, i.e., user identifier (UID 625) and group ID (GID 630), ofthe file. The meta-data section 605 also includes a load generationfield 635 described further herein. The contents of the data section 660of each inode may be interpreted differently depending upon the type offile (inode) defined within the type field 610. For example, the datasection 660 of a directory inode contains meta-data controlled by thefile system, whereas the data section of a regular inode contains filesystem data. In this latter case, the data section 660 includes arepresentation of the data associated with the file.

Specifically, the data section 660 of a regular on-disk inode mayinclude file system data or pointers, the latter referencing 4 kB datablocks on disk used to store the file system data. Each pointer ispreferably a logical vbn to facilitate efficiency among the file systemand the RAID system 380 when accessing the data on disks. Given therestricted size (e.g., 128 bytes) of the inode, file system data havinga size that is less than or equal to 64 bytes is represented, in itsentirety, within the data section of that inode. However, if the lengthof the contents of the data container exceeds 64 bytes but less than orequal to 64 kB, then the data section of the inode (e.g., a first levelinode) comprises up to 16 pointers, each of which references a 4 kBblock of data on the disk.

Moreover, if the size of the data is greater than 64 kB but less than orequal to 64 megabytes (MB), then each pointer in the data section 660 ofthe inode (e.g., a second level inode) references an indirect block(e.g., a first level L1 block) that contains 1024 pointers, each ofwhich references a 4 kB data block on disk. For file system data havinga size greater than 64 MB, each pointer in the data section 660 of theinode (e.g., a third level L3 inode) references a double-indirect block(e.g., a second level L2 block) that contains 1024 pointers, eachreferencing an indirect (e.g., a first level L1) block. The indirectblock, in turn, contains 1024 pointers, each of which references a 4 kBdata block on disk. When accessing a file, each block of the file may beloaded from disk 130 into the memory 224.

When an on-disk inode (or block) is loaded from disk 130 into memory224, its corresponding in-core structure embeds the on-disk structure.For example, the dotted line surrounding the inode 600 indicates thein-core representation of the on-disk inode structure. The in-corestructure is a block of memory that stores the on-disk structure plusadditional information needed to manage data in the memory (but not ondisk). The additional information may include, e.g., a “dirty” bit 670.After data in the inode (or block) is updated/modified as instructed by,e.g., a write operation, the modified data is marked “dirty” using thedirty bit 670 so that the inode (block) can be subsequently “flushed”(stored) to disk. The in-core and on-disk format structures of the WAFLfile system, including the inodes and inode file, are disclosed anddescribed in the previously incorporated U.S. Pat. No. 5,819,292 titledMETHOD FOR MAINTAINING CONSISTENT STATES OF A FILE SYSTEM AND FORCREATING USER-ACCESSIBLE READ-ONLY COPIES OF A FILE SYSTEM by David Hitzet al., issued on Oct. 6, 1998.

FIG. 7 is a schematic block diagram of an embodiment of a buffer tree ofa file that may be advantageously used with the present invention. Thebuffer tree is an internal representation of blocks for a file (e.g.,file 700) loaded into the memory 224 and maintained by thewrite-anywhere file system 360. That is, for each inode of a file, thefile system 360 constructs an associated buffer tree in the buffer cache250 for use, e.g., by the D-module 350. A root (top-level) inode 702,such as an embedded inode, references indirect (e.g., level 1) blocks704. Note that there may be additional levels of indirect blocks (e.g.,level 2, level 3) depending upon the size of the file. The indirectblocks (and inode) contain pointers 705 that ultimately reference databuffers (data blocks 706) used to store the actual data of the file.That is, the data of file 700 are contained in data blocks and thelocations of these blocks are stored in the indirect blocks of the file.Each level 1 indirect block 704 may contain pointers to as many as 1024data blocks. According to the “write anywhere” nature of the filesystem, these blocks may be located anywhere on the disks 130.

A file system layout is provided that apportions an underlying physicalvolume into one or more virtual volumes (or flexible volumes) of astorage system, such as node 200. An example of such a file systemlayout is described in U.S. patent application Ser. No. 10/836,817titled EXTENSION OF WRITE ANYWHERE FILE SYSTEM LAYOUT, by John K.Edwards et al. and assigned to Network Appliance, Inc. now issued asU.S. Pat. No. 7,409,494 on Aug. 5, 2008. The underlying physical volumeis an aggregate comprising one or more groups of disks, such as RAIDgroups, of the node. The aggregate has its own physical volume blocknumber (pvbn) space and maintains meta-data, such as block allocationstructures, within that pvbn space. Each flexible volume has its ownvirtual volume block number (vvbn) space and maintains meta-data, suchas block allocation structures, within that vvbn space. Each flexiblevolume is a file system that is associated with a container file; thecontainer file is a file in the aggregate that contains all blocks usedby the flexible volume. Moreover, each flexible volume comprises datablocks and indirect blocks that contain block pointers that point ateither other indirect blocks or data blocks.

In one embodiment, pvbns are used as block pointers within buffer treesof files (such as file 700) stored in a flexible volume. This “hybrid”flexible volume embodiment involves the insertion of only the pvbn inthe parent indirect block (e.g., Mode or indirect block). On a read pathof a logical volume, a “logical” volume (vol) info block has one or morepointers that reference one or more fsinfo blocks, each of which, inturn, points to an Mode file and its corresponding Mode buffer tree. Theread path on a flexible volume is generally the same, following pvbns(instead of vvbns) to find appropriate locations of blocks; in thiscontext, the read path (and corresponding read performance) of aflexible volume is substantially similar to that of a physical volume.Translation from pvbn-to-disk,dbn occurs at the file system/RAID systemboundary of the storage operating system 300.

In an illustrative dual vbn hybrid flexible volume embodiment, both apvbn and its corresponding vvbn are inserted in the parent indirectblocks in the buffer tree of a file. That is, the pvbn and vvbn arestored as a pair for each block pointer in most buffer tree structuresthat have pointers to other blocks, e.g., level 1(L1) indirect blocks,Mode file level 0 (L0) blocks. FIG. 8 is a schematic block diagram of anillustrative embodiment of a buffer tree of a file 800 that may beadvantageously used with the present invention. A root (top-level) inode802, such as an embedded Mode, references indirect (e.g., level 1)blocks 804. Note that there may be additional levels of indirect blocks(e.g., level 2, level 3) depending upon the size of the file. Theindirect blocks (and Mode) contain pvbn/vvbn pointer pair structures 808that ultimately reference data buffers (data blocks 806) used to storethe actual data of the file.

The pvbns reference locations on disks of the aggregate, whereas thevvbns reference locations within files of the flexible volume. The useof pvbns as block pointers 808 in the indirect blocks 804 providesefficiencies in the read paths, while the use of vvbn block pointersprovides efficient access to required meta-data. That is, when freeing ablock of a file, the parent indirect block in the file contains readilyavailable vvbn block pointers, which avoids the latency associated withaccessing an owner map to perform pvbn-to-vvbn translations; yet, on theread path, the pvbn is available.

FIG. 9 is a schematic block diagram of an embodiment of an aggregate 900that may be advantageously used with the present invention. Luns(blocks) 902, directories 904, qtrees 906 and files 908 may be containedwithin flexible volumes 910, such as dual vbn flexible volumes, that, inturn, are contained within the aggregate 900. The aggregate 900 isillustratively layered on top of the RAID system, which is representedby at least one RAID plex 950 (depending upon whether the storageconfiguration is mirrored), wherein each plex 950 comprises at least oneRAID group 960. Each RAID group further comprises a plurality of disks930, e.g., one or more data (D) disks and at least one (P) parity disk.

Whereas the aggregate 900 is analogous to a physical volume of aconventional storage system, a flexible volume is analogous to a filewithin that physical volume. That is, the aggregate 900 may include oneor more files, wherein each file contains a flexible volume 910 andwherein the sum of the storage space consumed by the flexible volumes isphysically smaller than (or equal to) the size of the overall physicalvolume. The aggregate utilizes a physical pvbn space that defines astorage space of blocks provided by the disks of the physical volume,while each embedded flexible volume (within a file) utilizes a logicalvvbn space to organize those blocks, e.g., as files. Each vvbn space isan independent set of numbers that corresponds to locations within thefile, which locations are then translated to dbns on disks. Since theflexible volume 910 is also a logical volume, it has its own blockallocation structures (e.g., active, space and summary maps) in its vvbnspace.

A container file is a file in the aggregate that contains all blocksused by a flexible volume. The container file is an internal (to theaggregate) feature that supports a flexible volume; illustratively,there is one container file per flexible volume. Similar to a purelogical volume in a file approach, the container file is a hidden file(not accessible to a user) in the aggregate that holds every block inuse by the flexible volume. The aggregate includes an illustrativehidden meta-data root directory that contains subdirectories of flexiblevolumes:

-   -   WAFL/fsid/filesystem file, storage label file

Specifically, a physical file system (WAFL) directory includes asubdirectory for each flexible volume in the aggregate, with the name ofsubdirectory being a file system identifier (fsid) of the flexiblevolume. Each fsid subdirectory (flexible volume) contains at least twofiles, a filesystem file and a storage label file. The storage labelfile is illustratively a 4 kB file that contains meta-data similar tothat stored in a conventional raid label. In other words, the storagelabel file is the analog of a raid label and, as such, containsinformation about the state of the flexible volume such as, e.g., thename of the flexible volume, a universal unique identifier (uuid) andfsid of the flexible volume, whether it is online, being created orbeing destroyed, etc.

FIG. 10 is a schematic block diagram of an on-disk representation of anaggregate 1000. The storage operating system 300, e.g., the RAID system380, assembles a physical volume of pvbns to create the aggregate 1000,with pvbns 1 and 2 comprising a “physical” volinfo block 1002 for theaggregate. The volinfo block 1002 contains block pointers to fsinfoblocks 1004, each of which may represent a snapshot of the aggregate.Each fsinfo block 1004 includes a block pointer to an inode file 1006that contains inodes of a plurality of files, including an owner map1010, an active map 1012, a summary map 1014 and a space map 1016, aswell as other special meta-data files. The inode file 1006 furtherincludes a root directory 1020 and a “hidden” meta-data root directory1030, the latter of which includes a namespace having files related to aflexible volume in which users cannot “see” the files. The hiddenmeta-data root directory includes the WAFL/fsid/directory structure thatcontains filesystem file 1040 and storage label file 1090. Note thatroot directory 1020 in the aggregate is empty; all files related to theaggregate are organized within the hidden meta-data root directory 1030.

In addition to being embodied as a container file having level 1 blocksorganized as a container map, the filesystem file 1040 includes blockpointers that reference various file systems embodied as flexiblevolumes 1050. The aggregate 1000 maintains these flexible volumes 1050at special reserved inode numbers. Each flexible volume 1050 also hasspecial reserved inode numbers within its flexible volume space that areused for, among other things, the block allocation bitmap structures. Asnoted, the block allocation bitmap structures, e.g., active map 1062,summary map 1064 and space map 1066, are located in each flexiblevolume.

Specifically, each flexible volume 1050 has the same inode filestructure/content as the aggregate, with the exception that there is noowner map and no WAFL/fsid/filesystem file, storage label file directorystructure in a hidden meta-data root directory 1080. To that end, eachflexible volume 1050 has a volinfo block 1052 that points to one or morefsinfo blocks 1054, each of which may represent a snapshot along withthe active file system of the flexible volume. Each fsinfo block, inturn, points to an inode file 1060 that, as noted, has the same inodestructure/content as the aggregate with the exceptions noted above. Eachflexible volume 1050 has its own inode file 1060 and distinct inodespace with corresponding inode numbers, as well as its own root (fsid)directory 1070 and subdirectories of files that can be exportedseparately from other flexible volumes.

The storage label file 1090 contained within the hidden meta-data rootdirectory 1030 of the aggregate is a small file that functions as ananalog to a conventional raid label. A raid label includes physicalinformation about the storage system, such as the volume name; thatinformation is loaded into the storage label file 1090. Illustratively,the storage label file 1090 includes the name 1092 of the associatedflexible volume 1050, the online/offline status 1094 of the flexiblevolume, and other identity and state information 1096 of the associatedflexible volume (whether it is in the process of being created ordestroyed).

F. VLDB

FIG. 11 is a schematic block diagram illustrating a collection ofmanagement processes that execute as user mode applications 1100 on thestorage operating system 300 to provide management of configurationinformation (i.e. management data) for the nodes of the cluster. To thatend, the management processes include a management framework process1110 and a volume location database (VLDB) process 1130, each utilizinga data replication service (RDB 1150) linked as a library. Themanagement framework 1110 provides an administrator 1170 with a userinterface via a command line interface (CLI) and/or a web-basedgraphical user interface (GUI). The management framework isillustratively based on a conventional common interface model (CIM)object manager that provides the entity to which users/systemadministrators interact with a node 200 in order to manage the cluster100.

The VLDB 1130 is a database process that tracks the locations of variousstorage components (e.g., SVSs, flexible volumes, aggregates, etc.)within the cluster 100 to thereby facilitate routing of requeststhroughout the cluster. In the illustrative embodiment, the N-module 310of each node accesses a configuration table 235 that maps the SVS ID 502of a data container handle 500 to a D-module 350 that “owns” (services)the data container within the cluster. The VLDB includes a plurality ofentries which, in turn, provide the contents of entries in theconfiguration table 235; among other things, these VLDB entries keeptrack of the locations of the flexible volumes (hereinafter generally“volumes 910”) and aggregates 900 within the cluster. Examples of suchVLDB entries include a VLDB volume entry 1200 and a VLDB aggregate entry1300.

FIG. 12 is a schematic block diagram of an exemplary VLDB volume entry1200. The entry 1200 includes a volume ID field 1205, an aggregate IDfield 1210 and, in alternate embodiments, additional fields 1215. Thevolume ID field 1205 contains an ID that identifies a volume 910 used ina volume location process. The aggregate ID field 1210 identifies theaggregate 900 containing the volume identified by the volume ID field1205. Likewise, FIG. 13 is a schematic block diagram of an exemplaryVLDB aggregate entry 1300. The entry 1300 includes an aggregate ID field1305, a D-module ID field 1310 and, in alternate embodiments, additionalfields 1315. The aggregate ID field 1305 contains an ID of a particularaggregate 900 in the cluster 100. The D-module ID field 1310 contains anID of the D-module hosting the particular aggregate identified by theaggregate ID field 1305.

The VLDB illustratively implements a RPC interface, e.g., a Sun RPCinterface, which allows the N-module 310 to query the VLDB 1130. Whenencountering contents of a data container handle 500 that are not storedin its configuration table, the N-module sends an RPC to the VLDBprocess. In response, the VLDB 1130 returns to the N-module theappropriate mapping information, including an ID of the D-module thatowns the data container. The N-module caches the information in itsconfiguration table 235 and uses the D-module ID to forward the incomingrequest to the appropriate data container. All functions andinteractions between the N-module 310 and D-module 350 are coordinatedon a cluster-wide basis through the collection of management processesand the RDB library user mode applications 1100.

To that end, the management processes have interfaces to (are closelycoupled to) RDB 1150. The RDB comprises a library that provides apersistent object store (storing of objects) for the management dataprocessed by the management processes. Notably, the RDB 1150 replicatesand synchronizes the management data object store access across allnodes 200 of the cluster 100 to thereby ensure that the RDB databaseimage is identical on all of the nodes 200. At system startup, each node200 records the status/state of its interfaces and IP addresses (thoseIP addresses it “owns”) into the RDB database.

G. Storage System Architecture

The present invention is illustratively implemented on a storage systemarchitecture comprising two or more volumes 910 distributed across aplurality of nodes 200 of cluster 100. The volumes are organized as aSVS and configured to store content of data containers, such as filesand luns, served by the cluster in response to multi-protocol dataaccess requests issued by clients 180. Notably, the content of each datacontainer is apportioned among the volumes of the SVS to thereby improvethe efficiency of storage service provided by the cluster. To facilitatea description and understanding of the present invention, datacontainers are hereinafter referred to generally as “files”.

The SVS comprises a meta-data volume (MDV) and one or more data volumes(DV). The MDV is configured to store a canonical copy of certainmeta-data, including access control lists (ACLs) and directories,associated with all files stored on the SVS, whereas each DV isconfigured to store, at least, data content of those files. For eachfile stored on the SVS, one volume is designated the container attributevolume (CAV) and, to that end, is configured to store (“cache”) certain,rapidly-changing attribute meta-data, including time stamps and filelength, associated with that file to thereby offload access requeststhat would otherwise be directed to the MDV.

In the illustrative embodiment described herein, determination of theCAV for a file is based on a simple rule: designate the volume holdingthe first stripe of content (data) for the file as the CAV for the file.Not only is this simple rule convenient, but it also provides anoptimization for small files. That is, a CAV may be able to performcertain operations without having to communicate with other volumes ofthe SVS if the file is small enough to fit within the specified stripewidth. Ideally, the first stripes of data for files are distributedamong the DVs of the SVS to thereby facilitate even distribution of CAVdesignations among the volumes of the SVS. In alternate embodiments,data for files is striped across the MDV and the DVs.

FIG. 14 is a schematic block diagram of the inode files of an SVS 1400in accordance with an embodiment of the present invention. The SVS 1400illustratively comprises three volumes, namely MDV 1405 and two DVs1410, 1415. It should be noted that in alternate embodiments additionaland/or differing numbers of volumes may be utilized in accordance withthe present invention. Illustratively, the MDV 1405 stores a pluralityof inodes, including a root directory (RD) inode 1420, a directory (DIR)inode 1430, file (F) inodes 1425, 1435, 1445 and an ACL inode 1440. Eachof these inodes illustratively includes meta-data (M) associated withthe inode. In the illustrative embodiment, each inode on the MDV 1405does not include data (D); however, in alternate embodiments, the MDVmay include user data.

In contrast, each DV 1410, 1415 stores only file (F) inodes 1425, 1435,1445 and ACL inode 1440. According to the inventive architecture, a DVdoes not store directories or other device inodes/constructs, such assymbolic links; however, each DV does store F inodes, and may storecached copies of ACL inodes, that are arranged in the same locations astheir respective inodes in the MDV 1405. A particular DV may not store acopy of an inode until an I/O request for the data container associatedwith the inode is received by the D-module serving a particular DV.Moreover, the contents of the files denoted by these F inodes areperiodically sparse according to SVS striping rules, as describedfurther herein. In addition, since one volume is designated the CAV foreach file stored on the SVS 1400, DV 1415 is designated the CAV for thefile represented by inode 1425 and DV 1410 is the CAV for the filesidentified by inodes 1435, 1445. Accordingly, these CAVs cache certain,rapidly-changing attribute meta-data (M) associated with those filessuch as, e.g., file size 615, as well as access and/or modification time(mtime) stamps 620.

The SVS is associated with a set of striping rules that define a stripealgorithm, a stripe width and an ordered list of volumes within the SVS.The striping rules for each SVS are illustratively stored as an entry ofVLDB 1130 and accessed by SVS ID. FIG. 15 is a schematic block diagramof an exemplary VLDB SVS entry 1500 in accordance with an embodiment ofthe present invention. The VLDB entry 1500 includes a SVS ID field 1505and one or more sets of striping rules 1530. In alternate embodimentsadditional fields 1535 may be included. The SVS ID field 1505 containsthe ID of a SVS which, in operation, is specified in data containerhandle 500.

Each set of striping rules 1530 illustratively includes a stripe widthfield 1510, a stripe algorithm ID field 1515, an ordered list of volumesfield 1520 and, in alternate embodiments, additional fields 1525. Thestriping rules 1530 contain information for identifying the organizationof a SVS. For example, the stripe algorithm ID field 1515 identifies astriping algorithm used with the SVS. In the illustrative embodiment,multiple striping algorithms could be used with a SVS; accordingly,stripe algorithm ID is needed to identify which particular algorithm isutilized. Each striping algorithm, in turn, specifies the manner inwhich file content is apportioned as stripes across the plurality ofvolumes of the SVS. The stripe width field 1510 specifies the size/widthof each stripe. The ordered list of volumes field 1520 contains the IDsof the volumes comprising the SVS. Moreover, the ordered list of volumesmay specify the function and implementation of the various volumes andstriping rules of the SVS. For example, the first volume in the orderedlist may denote the MDV of the SVS, whereas the ordering of volumes inthe list may denote the manner of implementing a particular stripingalgorithm, e.g., round-robin.

A Locate( ) function 375 is provided that enables the VSM 370 and othermodules (such as those of N-module 310) to locate a D-module 350 and itsassociated volume of a SVS 1400 in order to service an access request toa file. The Locate( ) function takes as arguments, at least (i) a SVS ID1505, (ii) an offset within the file, (iii) the inode number for thefile and (iv) a set of striping rules 1530, and returns the volume 910on which that offset begins within the SVS 1400. For example, assume adata access request directed to a file is issued by a client 180 andreceived at the N-module 310 of a node 200, where it is parsed throughthe multi-protocol engine 325 to the appropriate protocol server ofN-module 310. To determine the location of a D-module 350 to which totransmit a CF message 400, the N-module 310 may first retrieve a SVSentry 1500 to acquire the striping rules 1530 (and list of volumes 1520)associated with the SVS. The N-module 310 then executes the Locate( )function 375 to identify the appropriate volume to which to direct anoperation. Thereafter, the N-module may retrieve the appropriate VLDBvolume entry 1200 to identify the aggregate containing the volume andthe appropriate VLDB aggregate entry 1300 to ultimately identify theappropriate D-module 350. The protocol server of N-module 310 thentransmits the CF message 400 to the D-module 350.

H. Data Access Operation Ordering

Broadly stated, if a client requires ordering of data access operationsissued to the nodes 200 of cluster 100, it is the responsibility of thatclient to ensure such ordering. For example, if the client 180 issues aplurality of operations directed to a region of a file or if two clientssimultaneously attempt to modify the same region of the file, theordering of those operations is not guaranteed unless the client waitsfor a round-trip of each operation to complete. In this context, a roundtrip denotes communication (e.g., a “ping”) from the N-module 310 to theD-module 350 indicating the region (buffer) of the file that theN-module would like to service in response to the operation issued bythe client. However, once ordering is established, the file system 360ensures that each operation in that established order is treatedatomically. The round trip ensures that the N-module has a valid cacheof data by quickly validating the content of that cache, whilemaintaining file system control over the coherency of the data in thefile.

Specifically, the architecture of the file system 360 illustrativelyprovides coherency control that imposes order on read and writeoperations for a file with respect to each other. Write operations occurduring modified phases of the file system and read operations occurbetween these phases. Coherency ordering is achieved by serializing theoperations such that only one operation is allowed to be in a modifyphase at a time. In fact, an invariant of the illustrative (WAFL) filesystem 360 is that it serializes the effects of all read and writeoperations to a file. Execution of a write operation is atomic andexecution of a read operation reflects either all or none of the resultsof that write operation. Thus, an ordering sequence internal to the nodeis established at the file system layer 360 of the storage operatingsystem 300.

The illustrative file system maintains such coherency control throughthe use of file system images representing the state of a file. FIG. 16is a diagram illustrating data buffers or blocks 1610 of a file arrayedin file space over time. At various times, some blocks are modified viawrite operations (W) and the diagram indicates the point in time atwhich these blocks are valid. Some modifications are coupled together(circled) in the same write operation and are treated atomically, whileother modifications are performed either by different nodes or by thesame node at different times. Read operations (R) may occur anywhere inthe file at any time, although the file system prevents a read operationfrom “crossing” (executing during) an atomically coupled writeoperation. Thus, from the perspective of an N-module 310, the state ofthe file system at any time appears as an advancing wavefront 1650. Theillustrative file system 360 guarantees that when scheduling a messagereceived from an N-module to validate its buffer, the response to theN-module will reflect a valid state of the file. The advancing wavefront1650 represents a simple synchronization mechanism for ensuring a validfile system state.

According to the illustrative distributed storage system architecture,an N-module 310 that receives a client request directed to a fileinitially attempts to serve that request from its local cache 240.However, the N-module does not necessarily know whether its local cacheis up-to-date because there may be activity at another N-module of thecluster 100 that, e.g., is also writing to that same file. Writerequests are “pushed through” (written) to the D-module 350, whereasread requests are attempted to be serviced first from the local N-modulecache or, alternatively, at the appropriate D-module.

I. Lightweight Coherency Control Protocol

The present invention is directed to a system and method for ensuringthat a copy of a region of file data (i.e., a data buffer) stored in alocal cache 240 of an N-module 310 is up-to-date with respect to theauthoritative copy of that data served by the D-module 350. Morespecifically, the present invention is directed to a lightweightcoherency control protocol that ensures consistency of data containers,such as files, and associated data buffers stored on one or more volumesserved by a plurality of nodes, e.g., storage systems, connected as acluster. Each file is illustratively identified by a file identifier(file ID) and each data buffer is represented by a file block number(fbn) that identifies the position or offset of the buffer within thefile.

According to an aspect of the invention, each buffer is associated witha current cache sequence number comprising a load generation value andan update count value. The load generation value is incremented everytime an inode 802 (FIG. 8) is loaded from disk 130 into memory 224,i.e., buffer cache 250, of D-module 350. Once the inode 802 for a file,such as file 800, is loaded and its load generation value is set, thenthe appropriate buffer (e.g., data block 806) of a buffer tree for thefile is loaded into the memory. The update count value is incrementedeach time the buffer 806 is updated with a write request/operation.Therefore, each buffer 806 loaded into the buffer cache 250 of memory224 is tagged with the load generation value and an update count fromthe time that buffer is loaded.

FIG. 17 is a flowchart illustrating an aspect of the lightweightcoherency control protocol procedure in accordance with the presentinvention. The procedure starts at Step 1700 and proceeds to Step 1702where an inode for a file is initially loaded into memory (buffercache). In Step 1704, the load generation value is incremented, e.g., to“1”, and, in Step 1706, a buffer is loaded into the buffer cache. InStep 1708, a modification is made to the buffer and the update count isalso incremented, e.g., to “1” (Step 1710). In Step 1712, adetermination is made as to whether the inode and buffer are then“flushed” (unloaded) from D-module memory and written to disk. Note thatunloading of the inode for a file from the buffer cache of the D-moduleeffectively invalidates all local caches of all N-modules, i.e., all ofthe inode's buffers are freed-up from memory and their update counts arezeroed. If both the inode and buffer are flushed to disk, then the nexttime that the inode is reloaded into the buffer cache from disk (Step1714), the load generation number is again incremented, e.g., to “2”, inStep 1716. Thereafter, when the buffer is subsequently reloaded intomemory in Step 1718, its current cache sequence number (equal to theconcatenation of the load generation value and the update count) is setin Step 1720. In Step 1722, a modification is made to the buffer and itsupdate count restarts (e.g., at zero) for this next generation in Step1724. The procedure then ends at Step 1734.

However, if only the buffer is flushed to disk and the inode remainsresident in the buffer cache, then the next time the buffer is reloadedinto the buffer cache from disk (Step 1726), its current cache sequencenumber is set in Step 1728. In Step 1730, a modification is made to thebuffer and the update count is incremented, e.g., to “2” (Step 1732).According to the invention, the update count advances for every bufferwhenever it is modified, even if that buffer is freed-up from memory andsubsequently loaded from disk, as long as its inode remains loaded inmemory. Moreover, if the inode remains resident (loaded) in memory, theload generation number for that inode does not change (even if buffersof its buffer tree are being loaded, modified, written to disk andunloaded). In that case, only the update count for each affected bufferchanges. Thus, the load generation number only changes when the inodeitself is unloaded and then loaded again. The procedure then ends atStep 1734.

In the illustrative embodiment, inode 802 (described in reference toinode 600, FIG. 6) is extended to include a load generation field (suchas load generation field 635) that contains the load generation value.In addition, the file system 360 on D-module 350 maintains a datastructure, illustratively embodied as a cache list or table stored inbuffer cache 250 of memory 224, which is configured to hold the currentcache sequence number of the present invention. FIG. 18 is a schematicblock diagram of a cache table 1800 that may be advantageously used withthe present invention. The cache table 1800 has one or more entries1810, each containing a current cache sequence number comprising a loadgeneration value 1830 and an update count value 1840 for the buffers 806of its responsible files or file regions. The cache table 1800 can beimplemented either has a hash table (indexed by fbn) or a sparse tablecontaining one value per possible buffer 806 that may be loaded inmemory.

Illustratively, the file system 360 on the D-module 350 combines theload generation value 1830 and update count value 1840 to form thecurrent cache sequence number for the data buffer 806. That is, for theduration of each inode 802 loaded into memory, the file system 360maintains the update count value 1840 for each buffer 806 that has alsobeen loaded in memory. Note that the local cache 240 on the N-module 310is valid only as long as the inode 802 is resident in memory. Thecontents of the data buffers 806 can be deleted (“flushed”) from thecache 240 and stored (“pushed back”) to disk 130 as long as the filesystem 360 on the D-module 350 keeps track of the update counts in casethe buffers are thereafter loaded again.

Broadly stated, in response to receiving the data access (read) requestfrom a client that is directed to a file, an N-module forwards a messageto the appropriate D-module to validate the particular file and databuffer that the N-module attempts to serve. The D-module retrieves theinode of the requested file and determines whether the data buffer iscached at the N-module and, if so, whether that cached copy isrepresentative of the most recent version of the data buffer (as denotedby a current cache sequence number). If the copy of the data buffercached at the N-module represents the most recent version of the buffer,the D-module returns a response to the N-module indicating that thecached buffer can be used to service the read request. Otherwise, theD-module returns (i) a copy of the updated data buffer to the N-moduleas part of the response or (ii) a response indicating that the cachedbuffer is “stale”. In the latter case, the N-module then forwards amessage to the D-module requesting the updated data buffer.

In accordance with another aspect of the invention, modified (“dirty”)buffers stored in the local cache 240 of the N-module do not have to berevoked, unlike a typical cluster file system. That is, the dirtybuffers do not have to be invalidated synchronously because otherN-modules 310 may not request the buffers and, even if one does, thatN-module must validate the request directed to the buffer. Thus, theinventive technique enables an N-module to provide “as needed”validation of a requested buffer 806 back to the D-module 350 thatserves (“owns”) that region of the file. Validation is generally fast,thereby facilitating servicing of the request from the N-module cache.

In response to a message from an N-module to validate a cached databuffer 806 for a particular file 800, the D-module 350 responds with theproper version(s) of the data buffer(s) needed to service the request.The D-module effectively schedules the request (e.g., a read operation),examines the affected buffer and determines the proper version of thatbuffer. The D-module (or, more specifically, the file system 360) thenresponds to the N-module with proper load generation value 1830 andupdate count value 1840 for the buffer (i.e., the proper update countand load generation value after inode for the file is loaded).

In the illustrative embodiment, the invention may be implemented suchthat the N-module 310 provides the D-module 350 with an indication ofthe interested data buffers 806 (regions of a file) and the D-moduleresponds with the proper versions needed. The N-module can thendetermine if it has the proper versions and, if not, request thosebuffers that are not updated. Alternatively, the N-module/D-moduleexchange can be reduced to a single round trip wherein the N-moduleprovides an indication of the buffers and versions of the buffers in itscache 240 for the file. The D-module 350 then determines whether thosecached buffers are stale and, if so, responds with proper version ofthat data. For those cached buffers that are current, the D-modulemerely responds with an acknowledgement that the buffers are up-to-date.

FIGS. 19A, 19B are schematic block diagrams illustrating operation ofthe light-weight coherency control protocol for a clustered storagesystem in accordance with the present invention. For ease of depictionand description, cluster 1900 comprises two N-modules 310 incommunicating relation with a D-module 350 configured to serviceparticular buffers 806 of a file 800. A first client C1 issues a firstread request (operation) R1 to a first N-module, wherein the first readrequest R1 is directed to blocks (buffers) 0, 1, 2 of a file. A secondclient C2 then issues a write request (operation) W to a secondN-module, wherein the write request is directed to the buffers 0, 1 ofthe same file. The first client C1 thereafter issues a second readrequest R2 to the first N-module, wherein the second read request R2 isdirected to buffers 0, 1, 2, 3 of the same file.

Refer to FIG. 19A. In response to receiving the first read request R1,the first N-module examines its local cache 240 and determines that therequested buffers 806 are not stored therein. The first N-module thussends a CF message 400 to the D-module in order to service the request.Illustratively, the CF protocol layer 410 of the message 400 includes afile ID 412 (FIG. 4) along with an fbn 414 and current cache sequencenumber for each requested buffer 806, e.g., buf0-buf2. It should benoted that the arrangement of file ID 412 with fbn 414 and current cachesequence number is illustrative only and other messaging arrangementscontaining other information may also be used with the invention.

The D-module 350 loads the inode 802 for the file 800 (if it is notalready loaded) into the buffer cache 250 and sets the load generationvalue 1830 (e.g., 17) by incrementing a previous value (e.g., 16) storedin the load generation field 635 of the inode. The D-module then loadsthe requested buffers 806 (if they are not already loaded), constructingonly that portion of the buffer tree for the file 800 as needed.Illustratively, the update count value 1840 for each requested buffer,e.g., buf0, buf1, buf2, equals zero. The D-module then responds to theN-module 310 by returning a CF message 400 containing the requested data(buf0-buf2) along with their current cache sequence numbers, e.g., buf0data (17,0), buf1 data (17,0) and buf2 data (17,0). The first N-modulethereafter returns the requested data to the client C1.

In response to receiving the write request, the second N-module forwardsthe request to the D-module 350, which services the write request tobuf0 and buf1. To that end, the D-module modifies the data for buf0,buf1 and stores the modified buffers to disk 130. Notably, the D-moduledoes not increment the load generation value 1830 since the inode 802 isalready loaded into memory; as a result, the load generation valueremains the same (e.g., 17). However, since buf0 and buf1 have beenmodified with data, the D-module (file system 360) increments the updatecount values 1840 to, e.g., one for those buffers. The D-module may thenreturn modified buffer sequence numbers to the N-module 310; in anyevent, the D-module acknowledges completion of the modification to theN-module which, in turn, acknowledges the write request to the clientC2.

Refer now to FIG. 19B. The second read request is then received at thefirst N-module, which sends a message 400 to the D-module to validatethe file and data buffers cached at the N-module. Again, the CF message400 includes the file ID 412 as well as the fbn 414 and current cachesequence number for each requested buffer, e.g., buf0 (17,0), buf1(17,0), buf2 (17,0) and buf 3 (null). According to the invention, if thecopy of the buffer cached at the N-module represents the most recentversion of the data for that buffer, the D-module returns a response tothe N-module indicating that the cached buffer can be used to servicethe read request. Otherwise, the D-module returns a copy of the updateddata buffer to the N-module with the current cache sequence number forthe buffer 806. Therefore, the response from the D-module to the firstN-module illustratively comprises buf0 data (17,1), buf1 data (17,1)buf2 (17,0) and buf3 data (17,0). Note that since the first N-module hasthe most recent version of the data for buf2, only the fbn and currentcache sequence number (and no data) are returned for that buffer.

Advantageously, the inventive coherency control protocol does notrequire the use of distributed locking, such as range locks, as commonlyused with distributed multi-storage system architectures. Theillustrative file system 360 inherently serializes operations directedto an inode and the inventive coherency control protocol exploits thatinherent function by serializing incoming operation requests in oneplace, i.e., at the D-module (file system) servicing that inode (or atleast the region of the file represented by that inode).

While there has been shown and described an illustrative embodiment of anovel lightweight coherency control protocol for ensuring theconsistency of data containers stored on one or more volumes served by aplurality of storage systems connected as a cluster, it is to beunderstood that various other adaptations and modifications may be madewithin the spirit and scope of the invention. For example, in analternate embodiment of the invention, the contents of the cache table1800 can be stored in the buffer tree of a file 800, since each buffertree has buffer descriptors (not shown) that contain information abouteach of the buffers 806. Specifically, the buffer tree in memory (buffercache 250) comprises buffer descriptors for indirect blocks 804 thateventually point to buffer descriptors for the data buffers (data blocks806). Each of the latter buffer descriptors for the data blocks pointsto an appropriate 4 kB “page” or data buffer 806 containing the actualdata.

According to this alternate embodiment of the invention, a current cachesequence number field may be added to each buffer descriptor, while theload generation value is “inherited” from the inode 802 of the file 800.Thus, the in-memory inode has a field 635 that holds the new loadgeneration value 1830 and each in-memory buffer descriptor of a databuffer 806 may be extended to include a field that holds the currentupdate count value 1840. Each time a buffer 806 is retrieved, theN-module 310 combines the load generation value 1830 and update countvalue 1840 to form the current cache sequence number for the data buffer806. Thus, the current cache sequence numbers (and, in particular, theupdate count values) can be stored in either the buffer descriptors orin the separate cache table 1700.

For the embodiment wherein one round trip (between the N-module andD-module) indicates the most up-to-date cache sequence number needed toserve the request and another round trip fetches the required databuffers 806, the separate cache table 1800 may be employed because itcan be accessed very quickly and contains all the cache sequence numbersfor each buffer 806 resident in memory 224. However, for the embodimentthat uses only one round trip to validate and, if necessary, provide therequested data buffer, the buffer tree for the file must be accessed toservice the request so it is efficient to also access the bufferdescriptors to obtain the required values. Therefore, the cache table isnot required for that embodiment.

Note that when a data buffer is flushed to disk and invalidated from thebuffer cache, its buffer descriptor, which had been used to keep trackof the update count on that buffer, is also invalidated and, thus, thetracking information is lost. Accordingly, the cache table isillustratively maintained in buffer cache to hold update counts forbuffers that have been unloaded from memory. In response to subsequentlyloading a buffer for a file, this table may be accessed to determinewhether the buffer was unloaded previously during the time the inoderemained loaded (stayed) in memory.

The foregoing description has been directed to particular embodiments ofthis invention. It will be apparent, however, that other variations andmodifications may be made to the described embodiments, with theattainment of some or all of their advantages. Specifically, while thisdescription has been written in terms of N and D-modules, the teachingsof the present invention are equally suitable to systems where thefunctionality of the N and D-modules are implemented in a single system.Alternately, the functions of the N and D-modules may be distributedamong any number of separate systems, wherein each system performs oneor more of the functions. Additionally, the procedures, processes and/ormodules described herein may be implemented in hardware, software,embodied as a computer-readable medium having program instructions,firmware, or a combination thereof. Accordingly this description is tobe taken only by way of example and not to otherwise limit the scope ofthe invention. Therefore, it is the object of the appended claims tocover all such variations and modifications as come within the truespirit and scope of the invention.

1. A system configured to ensure data consistency of data stored on avolume served by a plurality of nodes connected as a cluster,comprising: a first module of the cluster configured to service thevolume, the first module further configured to maintain an authoritativeversion of a data container and associated data of the data containerstored on the volume; a second module of the cluster configured todirect a data access request for the data container and the associateddata to the first module; a local cache of the second module configuredto cache the associated data, the cache comprising an associated currentcache sequence number of the associated data, the current cache sequencenumber comprising a load generation value and an update count value; andthe second module further configured to uses the cached data to servicethe data access request when the current cache sequence numberrepresents a most recent version of the associated data.
 2. The systemof claim 1, wherein the data container comprises a file.
 3. The systemof claim 1, wherein the data container comprises a logical unit.
 4. Thesystem of claim 1, wherein the second module is further configured toreceive the data access request from a client directed to the datacontainer and further configured to forward a first message to the firstmodule to validate the cached data at the second module.
 5. The systemof claim 4, wherein the first module is further configured to determinewhether the cached data at the second module is representative of themost recent version of the associated data, and if so, return a responseto the second module indicating that the cached data can be used toservice the data access request.
 6. The system of claim 5, wherein thefirst module is further configured, to return a copy of updated data tothe second module as part of the response from the first module if thecached data at the second module is not representative of the mostrecent version of the associated data, or to return the responseindicating that the cached data is stale.
 7. The system of claim 6,wherein the second module is further configured to forward a secondmessage to the first module requesting the updated data.
 8. The systemof claim 1, wherein the first module comprises a disk element and thesecond module comprises a network element.
 9. The system of claim 1,wherein the first module is further configured to increment loadgeneration value when an inode of the data container is loaded into amemory of the first module.
 10. The system of claim 9, wherein the firstmodule is further configured to increment update count value when theassociated data is modified while the inode remains loaded in thememory.
 11. The system of claim 1, wherein the first module is furtherconfigured to determine whether an inode of the data container and theassociated data are written to persistent storage.
 12. The system ofclaim 11, wherein in response to writing the inode and the associateddata to persistent storage, the second module is further configured tozero the update count value.
 13. The system of claim 11, wherein inresponse to only writing the associated data to persistent storage, thesecond module further is configured to increment the update count valuewhen the associated data is reloaded into a memory of the first module.14. The system of claim 1, further comprising an inode of the datacontainer, the inode comprising a load generation field with the loadgeneration value.
 15. A method for ensuring data consistency of datastored on a volume served by a plurality of nodes connected as acluster, comprising: configuring a first module of the cluster toservice the volume and maintaining by the first module an authoritativeversion of a data container and associated data of the data containerstored on the volume; configuring a second module of the cluster todirect a data access request for the data container and the associateddata to the first module; configuring a local cache of the second moduleto cache the associated data, the cache comprising an associated currentcache sequence number of the associated data, the current cache sequencenumber comprising a load generation value and an update count value; andusing the cached data to service the data access request when thecurrent cache sequence number represents a most recent version of theassociated data.
 16. The method of claim 15, wherein the data containercomprises a file.
 17. The method of claim 15, wherein the data containercomprises a logical unit.
 18. The method of claim 15, further comprisingreceiving the data access request from a client directed to the datacontainer at the second module; forwarding a first message to the firstmodule to validate the cached data at the second module; determiningwhether the cached data at the second module is representative of themost recent version of the associated data; and if so, returning aresponse to the second module indicating that the cached data can beused to service the data access request.
 19. The method of claim 18,wherein determining further comprises using the current cache sequencenumber to determine whether the cached data at the second module isrepresentative of the most recent version of the associated data. 20.The method of claim 19, further comprising, if the cached data at thesecond module is not representative of the most recent version of theassociated data: returning a copy of updated data to the second moduleas part of the response from the first module; and returning theresponse indicating that the cached data is stale.
 21. The method ofclaim 20, wherein returning the response indicating that the cached datais stale comprises forwarding a second message from the second module tothe first module requesting the updated data.
 22. The method of claim15, further comprising: tagging each data buffer of each data containerstored on the volume with a respective current cache sequence number.23. The method of claim 15, further comprising: incrementing the loadgeneration value when an inode of the data container is loaded into amemory of the first module.
 24. The method of claim 23, furthercomprising: incrementing the update count value when the associated datais modified while the inode remains loaded into the memory.
 25. Themethod of claim 11, further comprising configuring the first module todetermine whether an inode of the data container and the associated dataare written to persistent storage.
 26. The method of claim 25, whereinin response to writing the inode and the associated data to persistentstorage, configuring the second module to zero the update count value.27. The method of claim 25, wherein in response to only writing theassociated data to persistent storage, configuring the second module toincrement the update count value when the associated data is reloadedinto a memory of the first module.
 28. The method of claim 11, whereinthe data container comprises an inode, the inode comprising a loadgeneration field with the load generation value.
 29. A computer-readablestorage medium configured with executable program instructions forexecution by a processor, the computer-readable storage mediumcomprising: program instructions that configure a first module of acluster to service a volume and program instructions that maintain atthe first module an authoritative version of a data container andassociated data of the data container stored on the volume; programinstructions that configure a second module of the cluster to direct adata access request for the data container and the associated data tothe first module; program instructions that configure a local cache ofthe second module to cache the associated data, the cache comprising anassociated current cache sequence number of the associated data, thecurrent cache sequence number comprising a load generation value and anupdate count value; and program instructions that use the cached data toservice the data access request when the current cache sequence numberrepresents a most recent version of the associated data.